Non-subscribers will no longer be able to use text-message two-factor authentication (2FA).
2FA adds an extra layer of security to online accounts beyond passwords by double-checking the identity of the individual signing in.
Texting a code to users or utilizing an authenticator app are two common methods.
However, the Twitter Support account stated on Saturday that only Twitter Blue subscribers would be allowed to use text-message authentication beginning March 20.
Some users of text-message 2FA also received an in-app notification telling them to remove the method before the deadline to avoid losing access to their accounts.
Elon Musk, the owner and CEO of Twitter, said that the authenticator-app option, which would stay free, was more secure.
Twitter was “scammed” by phone carriers and was paying more than $60 million (£49 million) each year for “false 2FA SMS texts,” he told a critic of the move.
Twitter said on its site that “bad actors” had misused the method.
“We encourage non-Twitter Blue subscribers to consider using an authentication app or security-key method instead,” it said.
“These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure.”
But security expert Rachel Tobac tweeted that the move was “nerve-wracking”, citing a Twitter report published in July 2022 showing only 2.6% of active Twitter accounts had 2FA turned on between July 2021 and December 2021 but of those:
“All of us in security want folks to use a great form of [multi-factor authentication] to protect their account,” Ms Tobac tweeted, “but auto-unenrolling users who already signed up for SMS 2FA, because they didn’t pay, just opens them up to risk.”
Experts have warned SMS 2FA can be less secure than authenticator apps.
But it remained popular because it was easy to use, Prof Alan Woodward, of the University of Surrey, said.
“I’d rather people used something rather than nothing, which might well be what the less tech savvy are tempted to do,” he told BBC News.
“I sympathise that Elon Musk is trying to drive costs out of the business but choosing to effectively discourage 2FA for many users seems a dreadfully short-sighted false economy.”